Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.063exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.098 exploits
GitHub PoC
Jeanback1/CVE-2019-9053-exploit
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RIESGO
abrir ↗GitHub PoC
Dungsocool/CVE-2014-3120
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execut
100RIESGO
abrir ↗GitHub PoC
Remote Code Execution in MCPJam 1.4.2 and older.
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir ↗GitHub PoC
CVE-2026-23744 — Proof of concept exploit for an unauthenticated Remote Code Execution vulnerability in MCPJam Inspector <= 1.4.2.
REC in MCPJam inspector due to HTTP Endpoint exposes
75RIESGO
abrir ↗GitHub PoC
b1nhack/CVE-2024-1086
Use-after-free in Linux kernel's netfilter: nf_tables component
76RIESGO
abrir ↗GitHub PoC
CVE-2025-5947 WordPress Service Finder Bookings ≤ 6.0 Exploit
Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie
63RIESGO
abrir ↗GitHub PoC
This exploit is based on CVE-2023-27350 and was built upon the original exploit by horizon3ai and the Metasploit module.
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RIESGO
abrir ↗GitHub PoC★ 3
CVE-2026-0257
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir ↗GitHub PoC
CVE-2026-0257 - PAN-OS
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir ↗GitHub PoC
HAERIN-L/POC_CVE-2026-46716
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
48RIESGO
abrir ↗GitHub PoC
Python POC, Exploit for CVE-2026-29000
pac4j-jwt JwtAuthenticator Authentication Bypass
48RIESGO
abrir ↗GitHub PoC
Dungsocool/CVE-2018-7600
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RIESGO
abrir ↗GitHub PoC
Delt-A/CVE-2024-36401-poc
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RIESGO
abrir ↗GitHub PoC
Auditoría de seguridad y análisis de vulnerabilidades (CVE-2014-3566 y CVE-2010-2333) en la infraestructura de red local y router residencial.
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scrip
50RIESGO
abrir ↗GitHub PoC
kavin-jindal/CVE-2026-48778-PoC
Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
41RIESGO
abrir ↗GitHub PoC
HAERIN-L/poc_cve-2026-42208
LiteLLM: SQL injection in Proxy API key verification
100RIESGO
abrir ↗GitHub PoC
Dhananjayasj/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
Microsoft Outlook Remote Code Execution Vulnerability
100RIESGO
abrir ↗GitHub PoC
letsr00t/CVE-2026-43494-PinTheft-PoC
net/rds: reset op_nents when zerocopy page pin fails
41RIESGO
abrir ↗GitHub PoC
CVE-2026-39987 - Draft
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RIESGO
abrir ↗GitHub PoC
jomjosh17/Log4Shell-CVE-2021-44228-
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗GitHub PoC★ 7
CVE-2025-38352 kernel exploit for LG webOS Smart TVs (ARM64). Achieves persistent root on real consumer hardware with novel exploitation techniques. Responsibly disclosed to LG.
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
71RIESGO
abrir ↗GitHub PoC
Testing a List of IP address incase they are vulnerable to CVE-2024-3400
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RIESGO
abrir ↗GitHub PoC★ 7
Notepad++ RCE via config.xml commandLineInterpreter
Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
41RIESGO
abrir ↗GitHub PoC
CVE-2025-10162 Exploit
OrderConvo < 14 - Unauthenticated Arbitrary File Read
56RIESGO
abrir ↗GitHub PoC★ 2
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RIESGO
abrir ↗GitHub PoC★ 1
POC_CVE-2026-42589
Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection
63RIESGO
abrir ↗GitHub PoC
PHP poc, exploit for CVE-2025-9074
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RIESGO
abrir ↗GitHub PoC
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RIESGO
abrir ↗GitHub PoC★ 2
CVE-2026-8732 | WP Maps Pro <= 6.1.0 | Unauthenticated Privilege Escalation
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RIESGO
abrir ↗GitHub PoC
Exploiting heap-based buffer overflow in sudo for privilege escalation
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.